Client Portal

How To: Secure and Configure your VPS or Dedicated server Print

  • 145

How to secure your dedicated or VPS server. Please not that this is only the vary basics!

First, lets configure CSF
Step 1: login to SSH, and become the root user
Step 2: enter the following command: wget 
Step 3: enter the following command: tar -xzf csf.tgz
Step 4: cd csf
Step 5:Run the install file: sh
You will receive a message saying it has been installed

Next you'll want to configure CSF
Step 1: nano nano /etc/csf/csf.conf
Step 2: Find Common ingress (inbound) TCP ports
Step 3: Change the following:
Common ingress (inbound) ports
Add 49152:65534 for passive FTP

Common egress (outbound) ports

Add 49152:65534 for passive FTP

Step 6: restart the firewall: csf -r

Step 7: After everything is fine, change the DEV option
We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.

nano /etc/csf/csf.conf

Find the first variable, which enables or disables testing and set to 0, save the config file and restart csf with "csf -r"

Disable Telnet
To disable telnet, SSH into server and login as root.
At command prompt type: nano-w /etc/xinetd.d/telnet
change disable = no to disable = yes
Save and Exit
At command prompt type: /etc/init.d/xinetd restart

Secure /tmp

Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:
# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS

Create a backup copy of your current /tmp drive:
# cp -Rpf /tmp /tmpbackup

Mount our new tmp parition and change permissions:
# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp

Copy the old data:
cp -Rpf /tmpbackup/* /tmp/

If you run the mount command and you should get something like this:
/dev/tmpMnt on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)

Edit /etc/fstab and add this:
/dev/tmpMnt /tmp ext3 loop,nosuid,noexec,rw 0 0

Test your fstab entry:
# mount -o remount /tmp

You can test it runnig a script on /tmp partition, if you get "permission denied" it is fine!

Was this answer helpful?

« Back